[strongSwan] Issues with StrongSwan Android client and Azure MFA

Chris Sherry smilinjoe at gmail.com
Tue Jan 22 19:07:07 CET 2019


Tobias,

To follow up from my previous emails, I think I have a handle on what's
happening. As soon as the VPN injects the route for the networks on the
other end (in my case 0.0.0.0), that's when my second factor auth breaks.
At that point the IP of the client (my phone) changes to the egress IP on
my VPN. The Authenticator app still tries to send traffic to he old IP, and
due to the injected route, that fails. Even if I exclude the app from the
VPN, it still has to follow the routing table, correct? There aren't
separate tables for the VPN and things excluded, right?

So my question to you is why is the route being injected BEFORE the tunnel
is fully authenticated? Should this not happen at the end?

Thanks,
Chris.

On Mon, Jan 14, 2019 at 5:11 AM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Chris,
>
> > So it
> > almost seems like the StrongSwan client is blocking traffic while the
> > VPN connection is being built (after phase 1).
>
> It does.  If there is an app or IP address that should bypass the VPN,
> configure it in the advanced VPN profile settings.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190122/4be56f26/attachment.html>


More information about the Users mailing list